WordPress Plugin Vulnerabilities

Recipe Card Blocks for Gutenberg & Elementor < 3.3.2 - Missing Authorization

Description

The Recipe Card Blocks for Gutenberg & Elementor plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the search_recipes() and import_recipes() functions in versions up to, and including, 3.3.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to search and import recipes.

Affects Plugins

Plugin icon
recipe-card-blocks-by-wpzoom
Fixed in 3.3.2

References

CVE
CVE-2024-43293
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/b59decf5-938c-4a5f-a839-47e19e978c84

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
5.4 (medium)

Miscellaneous

Original Researcher
LVT-tholv2k
Verified
No
WPVDB ID
344ce4f0-ff3d-4f60-a010-68715b88b092

Timeline

Publicly Published
2024-08-16 (about 1 year ago)
Added
2024-08-19 (about 1 year ago)
Last Updated
2024-08-19 (about 1 year ago)

Other

Published
Title
Published
2026-01-21
Title
TaxCloud for WooCommerce < 8.4.0 - Missing Authorization
Published
2024-06-28
Title
Uncanny Toolkit Pro for LearnDash < 4.1.4.1 - Missing Authorization to Arbitrary Page/Post Duplication
Published
2025-05-07
Title
GS Variation Swatches for WooCommerce < 3.0.5 - Missing Authorization
Published
2026-04-30
Title
Total Upkeep < 1.17.2 - Missing Authorization to Unauthenticated Rollback Cancellation
Published
2025-09-22
Title
Lazy Blocks < 4.1.1 - Missing Authorization